Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-Check
Feature-Policy
Upgrade
Content-Encoding
Status
Accept-CH
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Accept-CH-Lifetime
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Litespeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Pingback
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-Readtime
X-LiteSpeed-Cache
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
X-NWS-LOG-UUID
Cache-Tag
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-Vname
X-PC
X-TtlSet
X-Edge
X-Mcache
X-Midtier
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-ESI
Nginx-Cache
X-Ser
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Oneagent-Js-Injection
Edge-Control
X-ECACHE
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Dw-Request-Base-Id
X-ARC
X-Client-IP
X-ORACLE-DMS-RID
X-B3-TraceId
X-Amz-Rid
X-Middleton-Response
X-CST
Response
X-Navigation-Version
X-Goog-Hash
X-Daa-Tunnel
X-Powered-CMS
X-Upstream
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Instrumentation
X-Edge-Location-Klb
X-Kinsta-Cache
X-Forwarded-For
X-Amzn-Trace-Id
X-Cache-Key
X-Wormhole-Sdk
Accept-Ch-Lifetime
X-Ratelimit-Limit
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
RTSS
X-Ua-Device
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-NF-Request-ID
X-FastCGI-Cache
Edge-Cache-Tag
Cache-Status
X-ORACLE-DMS-ECID
X-Server-ID
X-Version
Public-Key-Pins
X-Ttl
X-Mg-S
X-Ratelimit-Remaining
AR-CACHE
X-Ruxit-Js-Agent
X-Ezoic-Cdn
X-Content-Digest
Cross-Origin-Resource-Policy
X-SharePointHealthScore
SPRequestGuid
S
Realpath
X-Shield-Request-Id
X-MSEdge-Ref
X-T
Fastcgi-Cache
X-Varnish-TTL
X-Cached
X-Fastly-Request-ID
X-Recruiting
X-Accel-Expires
X-Distributor
Front-End-Https
Access-Control-Request-Method
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Newrelic-App-Data
TP-Cache
X-Correlation-Id
X-Debug
Count-Hit
X-Request-Received
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-HS-Cache-Config
X-TTL
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Content-Id
X-Id
Server-Node
X-Azure-Ref
X-Ua-Browser
X-LLID
X-Content-Security-Policy-Report-Only
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
X-PressLabs-Stats
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
X-Hits
X-GUploader-UploadID
Payment
X-Amz-Replication-Status
Origin-Trial
X-Varnish-Backend
X-LB-Cache
X-Goog-Metageneration
Accept-Ch
X-Protected-By
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-Microsite
Cleartype
X-Git-Hash
Host
X-FB-Debug
X-Unique-Id
X-Logged-In
Content-Disposition
X-Www-Served-By
Filterid
X-Activity-Id
X-AppVersion
X-Az
X-Varnish-Server
X-Ratelimit-Reset
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-App-Server
X-Nf-Request-Id
X-Hostname
X-NGENIX-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-HP-Webp
X-DIS-Request-ID
X-Jurisdiction
X-HP-Trace-Id
X-Page-Id
X-Geo-Country
MRF-Tech
X-Cambria-Cache-Control
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Fastcgi-Cache
X-Xrds-Location
Akamai-GRN
Access-Control-Allow-Method
X-Load-Cache
X-Origin-Server
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-WP-CF-Super-Cache
Retry-After
X-WP-CF-Super-Cache-Cache-Control
X-Template
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-RateLimit-Remaining
X-Upgrade-Enabled
X-Goog-Generation
X-Goog-Storage-Class
X-Aspnet-Version
MS-Author-Via
Fastly-SWR
X-Type
Fastly-SIE
Viewport
Accept-Charset
X-ASPNET-VERSION
X-Fb-Rlafr
X-TT
Frame-Options
Section-Io-Cache
X-Cache-Control
X-Content-Options
Version
X-B3-Sampled
X-Grace
X-Varnish-Ttl
X-B
X-Ah-Environment
Content-MD5
X-Request-Guid
X-Envoy-Decorator-Operation
X-Revision
X-Vcl-Version
X-Trace-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Rid
Healthy
X-Device-Type
X-Source
Amp-Access-Control-Allow-Source-Origin
X-Origin-Cache
X-Amz-Meta-S3cmd-Attrs
X-Magnolia-Registration
X-Cdn
X-Cache-Age
X-Contextid
Server-Name
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-Language
X-Px
X-Mobile
X-Backend-Name
X-Aspnetmvc-Version
X-Webkit-CSP
X-Buckets
X-Proxy
X-RM-Cache-TTL
X-Tumblr-User
DC
X-App-Environment
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-RemovedCookies
X-Akamai-Edgescape
X-ProcessESI
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Framework
X-Rule
X-Storage
Access-Control-Request-Headers
X-Mg-Request-UUID
X-Status
X-Debug-Info
TCN
X-Node-Name
X-FW-Dynamic
X-Debug-IsPreview
X-Proxy-Cache-Info
X-Environment-Context
X-FW-Hash
X-NYM-Debug-Backend
X-FW-Type
X-FW-Version
Cross-Origin-Window-Policy
X-ServerID
X-FW-Serve
X-HTML-Minification-Powered-By
X-FW-Server
X-FW-Static
X-G
NGB
X-Adobe-Loc
X-Cacheable-TTL
X-Content-Powered-By
X-Region
X-Instance
SD-X-WS
X-L-Path
X-UUID
X-Debug-IsConnected
X-Adobe-Content
X-FTR-Request-ID
X-Datadog-Trace-Id
GEO-INFO
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Parent-Id
MS-CV
Ms-Operation-Id
X-Seen-By
X-RTag
X-Rendered-As
X-Is-Bot
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-EdgeConnect-Cache-Status
X-Cache-Time
Upgrade-Insecure-Requests
Paypal-Debug-Id
X-User-Agent
Trailer
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Charset
Countrycode
Webserver
Protected
X-Edge-Location
X-HS-Prerendered
X-Whom
Front
OT-Force-Account-Verify
X-Lambda-Id
Refresh
X-WebKit-CSP-Report-Only
X-TT-LOGID
Section-Io-Id
X-VC
X-TraceId
X-IPS-LoggedIn
Priority
X-N
X-AB
X-Cache-Status-Check
X-Reqid
X-Akamai-Request-ID2
Alternate-Protocol
X-VHOST
X-ECache
X-Time
Country
X-Amzn-Remapped-Content-Length
Cross-Origin-Embedder-Policy-Report-Only
X-Response-Served-From
X-Original-Request-Id
Backend
X-B3-SpanId
SRV
X-Fastly-Request-Id
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-Traceid
Xet-Cookie
X-Server-W
X-Hl-Ver
X-CCDN-CacheTTL
Liferay-Portal
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Mode
X-Real-IP
Onion-Location
Meta-Geo
X-Auth-Group-Type
X-Cache-Host
X-FB-TRIP-ID
X-Accel-Version
ServerID
X-Web-Node
X-UPSTREAM-Address
X-Skip-Cache
Environment
X-Origin-Date
X-Fetched-On
X-Frame-Option
X-JoinUs
X-Tb
X-Rewrite-Enabled
X-Rn-Rsrv
Filters
From-Origin
Fastcgi-Useragent
X-Scope-Id
X-SaId
X-Tumblr-Pixel-2
X-VC-Cache
Accept-Language
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Origin-CC
X-Origin-TTL
TWC-Device-Class
X-R9-Blue-Green-Version
X-Redis-Cache
Webcakes-App-Name
X-ProxyCache-Status
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
Expiry
X-Say-Cacheable
X-Varnish-Age
X-Say-TTL
X-SayCDN-TTL
X-Hosted-By
X-Varnish-Cache-Hits
X-Restarts
Webcakes-Region
Property-Id
Atl-Traceid
X-Webstats-RespID
TWC-Connection-Speed
X-ProxyCache-Key
X-Cache-Expired-At
X-Cache-Action
X-BYPASS-REASON
X-Cluster-Node
X-Connection-Hash
X-IPLB-Instance
X-IPLB-Request-ID
X-Director
X-Origin-Hint
X-Logging-Id
X-Format
Uber-Trace-Id
Web-Mar-Node
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
X-Vcache
X-Httpd
X-Served-From
X-Handled-By
X-Tncms
X-Cms-Context
Apigw-Requestid
X-Adobe-Source
X-Request-URI
Mn-Server-Ip
DB-Nickname
X-Forwarded-Host
X-PHP-Host
X-Loop
ServedBy
X-Soup
X-Proxy-Build
X-Cluster
Selected-Fe
X-Timing-Wait
VIX-Pulpo-Node
X-Wix-Request-Id
VIX-Pulpo-Upstream-Status
X-Zipkin-Id
X-Extlb
X-Generated-By
X-Proxied
X-Cloudmap
X-Origin
X-Servername
X-Detected-As
Url
X-S
X-Routing-Service
X-SRV
X-LSADC-Cache
Referer-Policy
Cross-Origin-Embedder-Policy
X-Rocket-Nginx-Serving-Static
X-Lagoon
X-Via-JSL
N-Cache
X-DynaTrace
Xserver
X-Hit
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache
X-Tumblr-Pixel-3
X-XRDS-Location
X-Xfnlog-Site
WPO-Cache-Message
WPO-Cache-Status
X-Webkit-Csp
X-NWS-UUID-VERIFY
X-DataDome
X-Azure-Ref-OriginShield
Source
Surrogated-Key
LB
X-Worker
X-RateLimit-Remaining-Second
X-VCT
X-RateLimit-Limit-Second
X-Cache-Debug
X-RCS-CacheZone
X-App-Version
X-Proxy-Cache-Status
CF-IPCountry
X-Upstream-Ht
AMP-Access-Control-Allow-Source-Origin
X-Upstream-Ct
X-Generation-Time
X-Sucuri-Cache
X-Is-Tablet
X-Is-Supported-Browser
X-Tcp-Rtt
X-Is-Desktop
X-Is-Mobile
X-F-Cache
X-Browser-Name
X-Geo-Region
X-Urbn-Context-Path
X-Cdn-Origin
Locale
X-No-Session
X-Urbn-Site-Id
Node
X-Drupal-Cache-Contexts
X-Sucuri-ID
X-RID
X-UA
X-Drupal-Cache-Tags
Cross-Origin-Opener-Policy-Report-Only
X-Signature
Ohc-File-Size
X-NGINX-Cache
X-B-Cache
X-CLOUD-TRACE-CONTEXT
CDN-RequestId
X-XRDS-LOCATION
X-RateLimit-Limit
X-MP-GENERATED-AT
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-NODE
X-ShopId
X-ShardId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Varnish-Beresp-Ttl
X-Locale
X-ElasticPress-Query
X-Cdn-Forward
X-Service
X-Cache-Operation
X-Cache-Rule
Cdncip
X-Ig-Push-State
Cdnsip
X-Ec-GeoHdr
X-INCAP-ABP
X-DPWN-IS-SECURE
X-DefElseHash
X-DefHash
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-D
X-Depends
X-Developer
Candidate-Md5Url
X-Internal-TTL
X-Rojux
Cluster
X-Ec-Fail
Azure-SiteName
X-Shield-Cache-Expires
X-GeoCode
X-Gdpr
X-Path
X-GeoCountry
X-PAYTM-SRV-ID
Rendered-Blocks
X-GeoIP-City
X-GeoIP
X-Platform-Server
X-FC-Vary-Parameters
A
X-Contensis-Viewer-Groups
Azure-SlotName
Azure-Version
BehaviorPad-Version
Azure-RegionName
X-Epic-Correlation-Id
X-ScT
Azure-InstanceId
X-Ig-Origin-Region
X-Scheme
X-Bug-Bounty
MD5-Digest
X-A-Dgt
TDXMobile
Meta-Geo-Continent
X-A-Dcw
Mail-Subject
Lang
X-Mvc-Supplant-Cachable
X-Aicache-OS
X-Aed
X-A-Wwc
X-A-Dam
Ngx.Var.Host
X-Origin-Expires
Thinkindot-CacheControl
X-Origin-Response-Time
Thinkindot-CacheControl-Type
X-Proxy-CacheRZ
X-Org
X-Nyt-Route
Odigeo-Trace-Id
X-A-Ccd
X-A
We-Hiring
X-Proto
Host-ID
Content-Secure-Policy
Producers
X-BCube-Filmed-By
X-Bc-Bl
DCR-Decision-By
Origin
X-Cache-Aspx
X-Jobs
X-Loc
X-Cache-NE
X-Cache-Info
DCR-Processing-Time-Ms
X-Backend-Instance
Sslversion
X-Origin-Time
X-AK-Request-ID
Fastly-Backend-Name
Expect-Staple
X-Mly-Id
Redirect-Candidate
X-App-Name
X-Request-Time
X-Amz-Storage-Class
X-Conf
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-We-Are-Hiring
X-Vmg-Version
X-Vtex-Remote-Cache
X-Varnish-Authentication
X-Tx-Id
X-Varnish-CookieHashed-On
X-HS-CF-Cache-Status
XkeyRZ
X-Site-Version
X-TIM-N
X-Vdms-Version
X-Thinkindot-L3
Xc-Version
X-Cache-Hit
Mime-Version
X-Pad
RNT-Time
Server-Host
X-Pool
X-Access
X-CacheTTL
Wxu-Next-Region
X-AB-Test
X-Platform
RNT-Machine
X-Policy
X-Cdn-Srv
Platform
X-Wikidot-Backend
X-Clientip
X-Proxied-Request
Origin-EX
Origin-Agent-Cluster
Origin-CC
X-Akamai-Device-Characteristics
Product
X-VarnishDD-TTL
X-Location
X-Cached-By
Release
X-Level-Front-Cache
X-Wikidot-Static-Cache
X-Powered-By-VTEX-Cache
X-Cache-Id
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
X-Bl-Debug
Apple-News-Services-Host
Yak-Timeinfo
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
HA-Ipaddr
X-Amz-Meta-Cb-Modifiedtime
Cache-Provider
Apple-News-Services-Request-Url
X-Micro-Cache
Ha-Gx-Prefs
X-B3-Trace-ID
X-GoCache-CacheStatus
X-NMSegId
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
X-Op-Id-All
X-Cache-Grace
Wxu-Next-Hostname
X-Cache-Bucket
Wxu-Next-Commit
Web-Mar-Region
X-Node-Id
L
V-Age
X-Section
X-Eu-Site
Canary
X-Hash
X-HS-Content-Campaign-Id
Cache-Key
Cache
X-Gamma-Serve
X-Varnishpool
X-Fmm-Version
Cdn-Host
X-Edge-Server
W
X-Esi-Check
X-Fastly-Backend
X-Human
Cdn-Request-Time
X-Varnish-Director
X-Generated-On
X-GeoIP-Country-Code
X-UA-Device-Type
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-GeoIP-Region-Code
X-Tb-Optimization-Total-Bytes-Saved
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Var-Ttl
X-SD-PageType
X-Gzip
X-V-Cache
X-Slack-Backend
X-SIPLIST1
X-Ec-Custom-Error
X-VG-WebCache
X-Irp-Debug
X-Req
IsBot
Gh-Request-Id
X-Date
Fastly-GeoIP-CountryCode
Gannett-Cam-Experience-Id
X-Core-Value
X-Content-Age
X-CGP
NM-Fastcgi-Cache
NGX
X-HN
L5d-Success-Class
X-Auto-Login
PFcat
X-VTEX-Cache-Time
X-Via-Fastly
Content-Script-Type
X-Dispatcher-Server
Click-Count-Error
X-SB
Click-Count-Action-Start
X-Viewer-Country
Content-Style-Type
X-VTEX-Cache-Server
Esi-Enabled
DSUID
Debug
User-Agent
X-Csrf-Jwt
X-Newrelic-Synthetics
X-Litespeed-Tag
Akamai-Mon-Iucid-Del
X-Content-Length
Country-Code
X-VG-TLSProxy
X-ORCA-Accelerator
CDN-Uid
X-CUA
Pramga
Fl-Custom-Application
X-Pubstack
CDN-RequestPullSuccess
X-Request-Host
CDN-RequestCountryCode
X-Gen-Mode
X-Varnish-Beresp-Status
X-Server-IP
X-Thanos
CDN-Cache
X-Hnp-Log
Req-ID
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestPullCode
X-Request-Start
XM
X-Block-Status
X-Bip
Sid
CDCHOST
X-Cache-FS-Status
User-Cache-Control
Ssr
X-Men
ServerName
Req-Svc-Chain
X-NodeID
X-Mvc-Supplant-OutputCached
Fastly-SSL
X-BBC-Edge-Cache-Status
X-Varnish-Hits
X-Optimistic-Header
X-Api-Version
X-Dc
TP-L2-Cache
X-Cs
X-HOST
X-TA-CDN-Provider
X-VServer
X-CACHE-GROUP
X-Refresh
X-LB-NoCache
X-Geolocation
X-Cache-Date
X-GEO
Cdn-Requestid
X-S-Cookie
Proxy-Firewall
X-Nananana
X-APP
X-Application
X-B-Cookie
X-IsAdmin
X-External-Request-Id
X-Destination
X-Via-Edge
X-Via-CDN
Edge-Copy-Time
True-Client-Country-4JS
Fastly-Drupal-Html
X-HITS
X-Zen-Fury
X-Via-SSL
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
Sever-Int
X-HA-Backend
X-User
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-Test
C-Via
X-Servedbyhost
Server-Ext
Server-Hostname
CloudFront-Viewer-Country
X-LiteSpeed-Tag
X-ZONE
X-Provided-By
X-Endurance-Cache-Level
Adler-Geo
Is-Eu
X-Zone
X-RequestId
GeoIP-Latitude
X-AIR-PT
X-Air-Pt
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
X-B3-Spanid
X-LB-ID
X-DC
X-CDN-Forward
X-Datadome
X-DynaTrace-JS-Agent
X-FTR-Expires
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
Ohc-Cache-HIT
X-FTR-Cache-Status
X-VC-TTL
X-Dispatcher-Number
HostName
X-Nginx-Cache-Key
X-B3-Parentspanid
Server-ID
X-Wa
X-Nc
WZWS-RAY
GeoIp-Country-Code
X-Webkit-Csp-Report-Only
S-Rt
X-Tt-Logid
X-Presslabs-Stats
Cdn
X-TH-Server
X-Vgn-Hpd-Reason
Cache-Tv-Group
T-Server
X-Geo-Header
X-URL
X-COUNTRY
X-Oracle-Dms-Ecid
X-Custom-Header
X-CS
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Pass-Why
X-ND-Cache
True-Client-IP
X-Moov-Xdn-Version
X-Resp-Is-Stale
WP-Super-Cache
X-CACHE-AGE
X-Parent-Response-Time
X-Srv
Vc-Max-Age
X-CMSURLCustom
X-Cache-Server
X-Old-Content-Length
X-HubSpot-Correlation-Id
SID
Resin-Trace
X-Fpc
X-NewRelic-App-Data
X-DataCenter
X-API-Version
Tcn
Pics-Label
Uri
X-TX-ID
X-Thinkindot-L1
Powered-By
X-Vercel-Id
X-Litespeed-Cache-Control
X-Cache-VC
Vix-Hermes-Req-Id
Location
X-Action
SEZNAM-JOBS-OFFER
X-Vercel-Cache
X-FPC
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Fastly-Cache
X-Varnish-Beresp-TTL
X-Ckpd-Fst-Backend
True-Client-Ip
X-SERVER-NAME
On-Server
Serverhost
N1-Cache
X-Stale
Thinkindot-Control
X-Client-Ip
X-APP-VERSION
GeoIP-Country-Code
Srv
ServerHost
X-Datacenter
X-Dynatrace-Js-Agent
Sm-Log-Id
X-Service-Response-Time
Request-ID
X-Cache-TTL-Remaining
AKAMAI
X-Amz-Meta-Opti
X-PERF
X-Oracle-Dms-Rid
Server-Id
X-NC
X-PHP-Backend
X-ApacheServer
X-WA
X-Ua
X-Air-Source
X-Proxy-Cache-La3
X-Debug-Service
Xkey-La3
Hostname
X-Air-Hostname
Xkeylog
X-Fastly-Cache-Status
TWC-GeoIP-DMA
X-Nitro-Cache
X-Render-Time
Cache-Hits
X-WA-Info
X-Cdn-Cache-Status
TWC-GeoIP-Region
TWC-GeoIP-City
X-Air-Trace-Id
Av-Poweredby
X-Info
Cl-Cache
X-Uri
Lb
Geoip-Latitude
Magicmarker
Cf-Ipcountry
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Vc
X-Vary-Devices
X-Udemy-Cache-App-Namespace
RewriteTeamHook
X-ServedByHost
Cache-Contol
Log-Origin
Cloudfront-Viewer-Country
RewriteTestHook
X-Jungle-Id
X-Ion-Hop
X-Ion-Healthy
X-Save-Cache
X-Geo
X-Ee-Generated-By
X-Cms-Device
X-Ee-Origin
X-Ee-Request-Date
X-Ee-Request-Id
Time-Cloud-Cache
Store-Cloud-Cache
X-Lb-Id
X-Fastly-Backend-Reqs
X-Cache-Ttl
X-Via-PopV
X-Via-PopN
My-App
X-Ha-Backend
X-Github-Request-Id
X-Via-PopH
Cmstype
Cmsid
X-IAuth-Set-Uid
X-V
X-Oracle-DMS-ECID
X-Requestid
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-CDN-Cache-Status
CDN
X-Esi
X-Up
X-New
X-From
X-Eligible
X-Limited
X-Rollout
X-Akamai-Pragma-Client-IP
X-VCL-Version
X-App
X-Region-Sid
X-Forwarded-Site
X-Traceid
Machine
WebServer
Warning
WWW-Authenticate
CacheControlHeader
X-Correlation-ID
CountryCode
X-MSEdge-Flight
X-Lb-Nocache
Pragrma
X-LAGOON
X-Dw-Trace-Id
X-MSEdge-Features
Cneonction
Server-Info
Edge-Cache
Reporter
X-Check-Cacheable
X-Akamai-Transformed
X-Serial
X-Cdn-Request-ID
X-HS-Status
X-Ftr-Request-Id
X-Acquia-Purge-Tags
FSS-Cache
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Site
X-Pod
X-EC-Lua
X-Container-Uri
X-Git-Commit
X-Sucuri-Id
Permission-Policy
CF-Cached-On
X-Web-Server
Thinkindot-Cache-Type
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Td-Header-From-No-Data
X-Tncms-Bot-Tier
X-Akamai-ERPolicy
X-Ms-Lease-Status
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Ms-Blob-Type
X-Orig-Cache-Control
X-Ramcache
Timeexpire
X-SRCache-Key
X-Akamai-ERRuleID
X-Varnish-Hostname
X-Fastly-Cache-Hits